<?php
/*********************************************
  CPG Dragonfly™ CMS
  ********************************************
  Copyright © 2004 - 2007 by CPG-Nuke Dev Team
  http://dragonflycms.org

  Dragonfly is released under the terms and conditions
  of the GNU GPL version 2 or any later version
**********************************************/
if (!defined('ADMIN_PAGES')) { exit; }

Dragonfly_Page::setTitle(_AUTHORSADMIN);

function isValidAdminPassword($pass)
{
	return (preg_match('#[0-9]#', $pass)
	 && preg_match('#[a-z]#', $pass)
	 && preg_match('#[A-Z]#', $pass)
	);
}

// Add new administrator
if (isset($_GET['mode']) && $_GET['mode'] == 'add') {
	if (!can_admin() || $CPG_SESS['admin']['page'] != 'admins' || $_POST['form_id'] != $_SESSION['ADMIN_FORM_ID']) {
		cpg_error(_ERROR_BAD_LINK, _SEC_ERROR);
	}
	if (strlen($_POST['add_aid']) < 3 || strlen($_POST['add_pwd']) < 3 || is_email($_POST['add_email']) < 1) {
		cpg_error(_COMPLETEFIELDS, _CREATIONERROR);
	}
	if (!isValidAdminPassword($_POST['add_pwd'])) { cpg_error(_PASSWORD_MALFORMED, _CREATIONERROR); }

	$admin = new Dragonfly_Admin_Identity();
	$admin->name     = $_POST['add_aid'];
	$admin->email    = $_POST['add_email'];
	$admin->password = $_POST['add_pwd'];
	if (!empty($_POST['radminsuper'])) {
		$admin->radminsuper = true;
	} else {
		foreach ($admin->radmin as $aop => $v) {
			$ra = 'radmin'.$aop;
			$admin->$ra = in_array($aop, $_POST['radmin']);
		}
	}
	$admin->save();

	URL::redirect(URL::admin('admins'));
}

// Delete an administrator
else if (isset($_GET['del_aid'])) {
	if (!can_admin() || $CPG_SESS['admin']['page'] != 'admins') { cpg_error(_ERROR_BAD_LINK, _SEC_ERROR); }
	if (!is_numeric($_GET['del_aid'])) { cpg_error(sprintf(_ERROR_NOT_SET, _ADMINID), _SEC_ERROR); }
	$del_aid = intval($_GET['del_aid']);
	if ($del_aid == 1) { cpg_error(_GODNOTDEL); }
	$admin = new Dragonfly_Admin_Identity($del_aid);
	if (isset($_POST['confirm'])) {
		$admin->delete();
	} else if (!isset($_POST['cancel'])) {
		Dragonfly_Page::setTitle(_AUTHORDEL);
		cpg_delete_msg(URL::admin('admins&amp;del_aid='.$del_aid), sprintf(_ERROR_DELETE_CONF, '<strong>'.$admin->name.'</strong>'), $hidden='');
	}
	URL::redirect(URL::admin('admins'));
}

else if (isset($_GET['modify']))
{
	$aid = intval($_GET['modify']);
	if ($aid < 1) { cpg_error(sprintf(_ERROR_NOT_SET, _ADMINID), _SEC_ERROR); }
	if (!can_admin() && $_SESSION['DF_VISITOR']->admin->id != $aid) { cpg_error(_ERROR_BAD_LINK, _SEC_ERROR); }

	$admin = new Dragonfly_Admin_Identity($aid);

	// Update administrator settings?
	if ('POST' === $_SERVER['REQUEST_METHOD']) {
		if ($CPG_SESS['admin']['page'] != 'admins' || $_POST['form_id'] != $_SESSION['ADMIN_FORM_ID'])
		{
			cpg_error(_ERROR_BAD_LINK, _SEC_ERROR);
		}
		$admin->email = $_POST['chng_email'];
		if (!empty($_POST['chng_pwd']) && !empty($_POST['chng_pwd2']) /*&& $aid > (Dragonfly::isDemo()?1:0)*/) {
			if (!isValidAdminPassword($_POST['chng_pwd'])) { cpg_error(_PASSWORD_MALFORMED); }
			if ($_POST['chng_pwd'] != $_POST['chng_pwd2']) { cpg_error(_PASSWDNOMATCH); }
			$admin->password = $_POST['chng_pwd'];
		}
		if (can_admin()) {
			$admin->radminsuper = !empty($_POST['radminsuper']);
			foreach ($admin->radmin as $aop => $v) {
				$ra = 'radmin'.$aop;
				$admin->$ra = !$admin->radminsuper && in_array($aop, $_POST['radmin']);
			}
		}
		$admin->save();
		URL::redirect(URL::admin('admins'));
	}

	Dragonfly_Page::setTitle(MODIFYINFO);

	$TPL = Dragonfly::getKernel()->OUT;
	$TPL->admin_form_id = $_SESSION['ADMIN_FORM_ID'] = microtime();
	$TPL->admin = $admin;
	$TPL->admin_ops = $admin->radmin;

	$TPL->display('admin/admins/edit');
}

else {
	$admin = new Dragonfly_Admin_Identity();
	$adminops = array_keys($admin->radmin);

	$TPL = Dragonfly::getKernel()->OUT;
	$TPL->admin_form_id = $_SESSION['ADMIN_FORM_ID'] = microtime();
	$TPL->admin_ops = $adminops;

	$result = $db->query('SELECT * FROM '.$prefix.'_admins');
	$admins = array();
	while ($row = $result->fetch_assoc()) {
		$radmin = array();
		if ($row['radminsuper']) {
			$radmin[] = _SUPERUSER;
		} else {
			foreach ($adminops as $aop) {
				if ($row[('radmin'.$aop)]) $radmin[] = $aop;
			}
		}
		$admins[] = array(
			'aid' => $row['aid'],
			'permissions' => implode(', ', $radmin),
			'mod_uri' => (can_admin() || $row['aid'] == is_admin()) ? URL::admin('&amp;modify='.$row['admin_id']) : false,
			'del_uri' => (can_admin() && $row['aid'] != is_admin()) ? URL::admin('&amp;del_aid='.$row['admin_id']) : false,
		);
	}
	$TPL->admins = $admins;

	$TPL->display('admin/admins/index');
}
